Trojaner "Dieses Programm kann Webseite nicht anzeigen"

charly2000 · 29.04.2012, 19:16

Hallo bin neu hier im board und brauche Eure Hilfe.

Habe mir gestern (vermutlich) einen Trojaner eingefangen. Ich habe Windows Vista (SP2) 32 Bit.

Nach dem Starten erscheint der Desktop kurz danach kommt sofort eine Seite mit dem Hinweis "Das Programm kann die Webseite nicht anzeigen". Dann ist nichts mehr möglich. Übereinstimmungen der Screenshots bei www.bka-trojaner.de habe ich nicht gefunden. Von gesperrten Dateien oder einer Aufforderung zum Bezahlen habe ich nichts gesehen.

Habe im abgesicherten Modus die Systemwiederherstellung versucht und nun läuft erst mal alles wieder normal. Vor der Systemwiederherstellung mit Malwarebytes fündig geworden (Roque.residue und Heuristics.Residue) nach der Systemwiederherstellung mit selbigen Dateien nochmals fündig geworden.

Soeben Logfile mit HijackThis erstellt.

Kann das bitte jemand checken?
Tausend Dank. Bei Fragen gern.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:07:59, on 29.04.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Analyst\Downloads\HiJackThis204(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Samsung Auto Backup Guage.lnk = ?
O4 - Startup: Samsung Auto Backup Real-Time Daemon.lnk = ?
O4 - Startup: Samsung Auto Backup Scheduler.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 (file missing)
O9 - Extra button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Notebook Performance Tuning Service (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9388 bytes

kira · 30.04.2012, 08:19

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Hast du den Rechner bereits auf Viren überprüft? Folgende Ergebnisse möchte ich noch sehen:

Code:

ATTFilter

Malwarebytes
(alle vorhandenen Protokolle!)

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner - Installer herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

charly2000 · 01.05.2012, 17:20

Hallo Kira,

Danke, hier die Infos:

1.) Habe mit AVG Komplettscan durchgeführt - ohne Ergebnis:

Code:

ATTFilter

 "Scan ""Gesamten Computer scannen"" wurde beendet."
"Bei diesem Scan wurde keine Infizierung gefunden"
"Für den Scanvorgang ausgewählte Ordner:";"Gesamten Computer scannen"
"Start des Scans:";"Dienstag, 1. Mai 2012, 16:59:43"
"Scan beendet:";"Dienstag, 1. Mai 2012, 17:41:35 (41 Minute(n) 51 Sekunde(n))"
"Gesamtanzahl gescannter Objekte:";"664981"
"Benutzer, der den Scan gestartet hat:";"Analyst"

Protokolle Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

Schutz: Deaktiviert

01.05.2012 13:25:07
mbam-log-2012-05-01 (13-25-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 351960
Laufzeit: 1 Stunde(n), 28 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

Schutz: Deaktiviert

28.04.2012 20:29:59
mbam-log-2012-04-28 (20-29-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365723
Laufzeit: 1 Stunde(n), 11 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPW983OY\SoftonicDownloader_fuer_trojan-remover (1).exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JPW983OY\SoftonicDownloader_fuer_trojan-remover.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_trojan-remover (1).exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_trojan-remover (2).exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_trojan-remover.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

Schutz: Deaktiviert

29.04.2012 15:39:34
mbam-log-2012-04-29 (15-39-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 350154
Laufzeit: 2 Stunde(n), 12 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

Schutz: Deaktiviert

29.04.2012 09:30:34
mbam-log-2012-04-29 (09-30-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 365215
Laufzeit: 1 Stunde(n), 6 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.28.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Analyst :: Analyst-PC [Administrator]

28.04.2012 18:20:21
mbam-log-2012-04-28 (18-20-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364751
Laufzeit: 1 Stunde(n), 6 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Rundll32.exe (Heuristics.Reserved.Word.Exploit) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

2. OTL.TXT
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.05.2012 17:48:44 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Analyst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,79% Memory free
4,22 Gb Paging File | 2,57 Gb Available in Paging File | 61,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 8,26 Gb Free Space | 11,08% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: Analyst-PC | User Name: Analyst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Analyst\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba TEMPO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d20a10ce0db1ff6cf948b2988f27a836\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll ()
MOD - C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{00b2f024-4c9d-4f95-88b9-de678d1de316}\components\RadioWMPCoreGecko11.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll ()
MOD - C:\Programme\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TempoMonitoringService) -- C:\Programme\Toshiba TEMPO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vnet) -- system32\DRIVERS\virtualnet.sys File not found
DRV - (vflt) -- system32\DRIVERS\vfilter.sys File not found
DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (Tosrfcom) --  File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MBAMSwissArmy) --  File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CplIR) -- C:\Windows\System32\drivers\CplIR.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {2C5BAA34-F8C4-42C0-80CE-02A267502AE7}
IE - HKLM\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = hxxp://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D056E45D-88C7-40CA-9340-DC2BFFB44DE9}&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&lang=de&ds=AVG&pr=fr&d=2011-12-03 17:21:13&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sporthdtv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {00b2f024-4c9d-4f95-88b9-de678d1de316}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B457a1ed1-5f1c-4ac4-8aa7-ee17ca72491a%7D&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-03%2017%3A21%3A13&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.08.10 18:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.16 20:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.25 19:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.18 22:59:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de [2012.01.29 13:40:06 | 000,000,000 | ---D | M]
 
[2010.01.19 20:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Analyst\AppData\Roaming\mozilla\Extensions
[2012.04.29 14:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions
[2012.04.29 11:47:00 | 000,000,000 | ---D | M] (sporthdtv Community Toolbar) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{00b2f024-4c9d-4f95-88b9-de678d1de316}
[2010.10.01 15:01:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.22 14:49:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.26 21:18:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.05.10 09:39:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com
[2012.01.29 13:40:06 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de
[2012.05.01 17:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\staged
[2010.03.24 16:15:10 | 000,000,921 | ---- | M] () -- C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml
[2011.03.15 22:47:11 | 000,001,583 | ---- | M] () -- C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml
[2012.01.01 15:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.16 20:38:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
() (No name found) -- C:\USERS\Analyst\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.25 19:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.18 22:58:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.17 00:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 20:37:41 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.17 00:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 00:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [Winsweep]  File not found
O4 - HKCU..\Run: [Winsweep Popupblocker]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DACA61-45DF-496A-93A2-362873DBB8BA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Analyst\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\Shell\AutoRun\command - "" = D:\PrivacyDongle-Windows.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.01 17:46:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Analyst\Desktop\OTL.exe
[2012.05.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.04.29 15:04:07 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.04.29 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.29 11:57:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 22:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.04.28 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\Analyst\AppData\Roaming\Malwarebytes
[2012.04.28 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 18:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 20:54:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.14 20:54:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.14 20:54:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.14 20:54:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.14 20:54:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.14 20:54:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.14 20:54:01 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.14 20:54:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.14 20:47:54 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.14 20:47:52 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.04.14 20:47:25 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.04.14 20:47:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.04.14 20:47:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.04.14 20:47:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.04.14 20:47:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.04.07 11:20:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.01 17:46:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Analyst\Desktop\OTL.exe
[2012.05.01 17:18:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.01 17:04:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 17:04:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.01 16:47:14 | 096,800,245 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.05.01 16:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.01 13:17:13 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.01 13:17:13 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.01 13:17:13 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.01 13:17:13 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.01 13:03:35 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.29 11:57:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 09:25:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.29 09:15:31 | 000,001,356 | ---- | M] () -- C:\Users\Analyst\AppData\Local\d3d9caps.dat
[2012.04.14 21:03:10 | 000,275,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.09 11:41:28 | 229,386,216 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.07 11:20:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.29 11:57:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 11:48:32 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.28 14:23:47 | 000,000,016 | ---- | C] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.07 11:20:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.29 13:39:59 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.02.27 15:49:09 | 000,000,030 | ---- | C] () -- C:\Windows\SSEKonf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F3D5B2AD

< End of report >

--- --- ---

OTL Extra.TXT
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.05.2012 17:48:44 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\analyst\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,79% Memory free
4,22 Gb Paging File | 2,57 Gb Available in Paging File | 61,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 8,26 Gb Free Space | 11,08% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: analyst-PC | User Name: analyst | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "E:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB684B-B383-49F5-A893-945786987BCD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{068CEBD1-3C2C-4C96-B1D7-7469D93DA4FC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{37400866-BACC-4B85-B37A-313BE751B741}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3F98854E-137B-4A76-A276-3E33E584779F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{539782FC-DCB7-4EF9-826C-FCA47E6F14CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A097B65-DB6C-4E3E-8AF5-E023BCB80638}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64E77B25-D833-45E7-A1B0-9CA8B2FE2C6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F1E8AB2-FDEB-4F82-B744-30834C18FD29}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{73440219-2689-4B31-AECF-83B9A66D9D6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{747AD30B-5E90-4008-9EE2-7F10A4837123}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D1D3D2-C116-414E-AB24-841067607E59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99F20903-3637-4723-A079-7F56930813D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FEC4459-5A1F-4560-B507-CF4CA5F64F0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3BEECD3-990C-4F46-9369-09ED64FEFB68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7244E89-D82E-4501-98D8-39DCAEC0C9BF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D8CF807A-A014-4698-80C7-14F2A996C1E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF3CC9FA-9999-4023-80BF-BBA47959B9DB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EAA03634-6E59-42A8-B982-CB3336A7188E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F791EFAB-4F24-405C-91BD-03B5F3F98055}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0007AF3C-B250-4AC3-A149-2D824AB3A88C}" = protocol=6 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe | 
"{00B47A50-CDDF-4F2B-9E36-19D2ACE69694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CB687C0-802E-42FD-825D-3752F1F544F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1149D5E6-F08F-4ADB-9E4B-1B970A120555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13147B18-365F-4449-BAB3-9F89A6A6A5AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1321AEC1-D423-44A8-A39E-AC03629F1715}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{263E312E-130F-4DAE-8513-A1FC68DF019A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{320F21C4-BD22-4BA2-AD36-1A07C64DA32B}" = protocol=6 | dir=out | app=system | 
"{36BBC2A4-A572-4C50-8090-39304618A3D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{672E82DC-3152-42A7-A3BB-9DBB84007538}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9E0AAC1B-2535-403A-A03B-3D76B551CFC0}" = protocol=6 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe | 
"{A27639F6-9DAD-475F-8879-FF839CCA84A6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | 
"{A2CB7694-C3A5-4398-8624-697E2AB98A26}" = protocol=17 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe | 
"{A9473613-C196-4F8F-908E-E184A7CAD75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB85B8B4-D5AC-4000-A914-90F779E80A57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C11D1CBF-F922-4A1B-9F80-583DC0D049FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C42598A6-47DF-41B4-B820-C5193F524D10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D70EB1AA-B8A9-4A6F-9F15-D64D98C4BC82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D95B3F87-F376-4806-B0D1-F8A9BFDFA592}" = protocol=17 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe | 
"{DE398B46-1E1E-4775-B7F8-142FA40BE728}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{EDFF3588-652A-4464-A161-9FEB3A68D58D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD37496-C293-49A0-90AC-2ACA69B61360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B58C9D2-1925-413F-B29A-C4E7596C43F5}" = Nokia PC Suite
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}" = Toshiba TEMPO
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C233D370-4B1A-4F6F-BD55-16B0C131335B}_is1" = Batch DOCX to DOC Converter 2009
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCD1FF1-6127-41A5-ABF3-D8C494E59094}" = SA31xx Device Manager & Media Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"6315-1853-9670-8217" = Polysun Demo 5.8.6.15775
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG9Uninstall" = AVG Free 9.0
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Digital Editions" = Adobe Digital Editions
"dm-Fotowelt" = dm-Fotowelt
"doPDF 5  printer_is1" = doPDF 5.3  printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NAVIGON Fresh" = NAVIGON Fresh 3.3.0
"nwwfo" = Favorit
"PVProfit" = PVProfit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

3. CCleaner:

Code:

ATTFilter

 Adobe AIR	Adobe Systems Inc.	22.02.2011	29,4MB	2.5.1.17730
Adobe Digital Editions		21.01.2012	13,4MB	
Adobe Download Manager	NOS Microsystems Ltd.	21.08.2010	0,37MB	1.6.2.87
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	18.03.2010		10.0.45.2
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	06.04.2012		11.2.202.228
Adobe Photoshop 7.0	Adobe Systems, Inc.	04.11.2007	144,8MB	7.0
Adobe Reader 7.0.9 - Deutsch	Adobe Systems Incorporated	15.04.2007	78,2MB	7.0.9
ALPS Touch Pad Driver	ALPS ELECTRIC CO., LTD	04.11.2007		7.0.301.4
Atheros Driver Installation Program	Atheros	04.11.2007	4,00KB	7.1
AVG Free 9.0	AVG Technologies	22.12.2009	59,5MB	
Batch DOCX to DOC Converter 2009	Batchwork Software	12.01.2010	4,62MB	
Bluetooth Stack for Windows by Toshiba		15.04.2007	54,7MB	v5.10.06(T)
CamStudio OSS Desktop Recorder	CamStudio Open Source Dev Team	04.08.2011	15,0MB	2.6 Beta r294
Canon MP Navigator EX 2.0		25.10.2009	69,6MB	
Canon MP630 series Benutzerregistrierung		25.10.2009	0,52MB	
Canon MP630 series MP Drivers		25.10.2009		
Canon Utilities Easy-PhotoPrint EX		25.10.2009	206MB	
Canon Utilities My Printer		25.10.2009	2,39MB	
Canon Utilities Solution Menu		25.10.2009	1,93MB	
CCleaner	Piriform	30.04.2012	4,47MB	3.18
CD-LabelPrint		25.10.2009	11,7MB	
CD/DVD Drive Acoustic Silencer	TOSHIBA	04.11.2007	0,45MB	2.00.02
Compatibility Pack for the 2007 Office system	Microsoft Corporation	12.01.2010	121,7MB	12.*.****.5001
Compatibility Pack für 2007 Office System	Microsoft Corporation	07.06.2010	68,9MB	12.*.****.5001
Desktop SMS	IDM	14.10.2007	15,2MB	1.2.0
dm-Fotowelt		22.01.2011	472MB	
doPDF 5.3  printer	Softland	09.01.2008	1,22MB	
DVD MovieFactory for TOSHIBA	Ulead Systems, Inc.	04.11.2007	252MB	5.3
ElsterFormular 2008/2009	Steuerverwaltung des Bundes und der Länder	13.02.2009	159,0MB	10.0.0.0
ElsterFormular-Update	Landesfinanzdirektion Thüringen	30.12.2011	4.624MB	1.0
Emdedded IR Driver	Compal Electronics, Inc.	11.07.2007	0,89MB	0.0.0.6C
Favorit		21.08.2009		
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)	MAGIX AG	15.04.2007	6,65MB	2.0.0.1
Fragen-Lern-CD 4.0	Wendel-Verlag GmbH	22.02.2011	18,5MB	4.0.1
GutscheinRausch.de - AddOn für Firefox	GutscheinRausch.de	28.01.2012	96,00KB	2.81
InfoBibliothek	Akademische Arbeitsgemeinschaft	09.11.2007	2,17MB	
Intel Matrix Storage Manager		04.11.2007	37,1MB	
Intel(R) Graphics Media Accelerator Driver		04.11.2007		
Java(TM) 6 Update 30	Oracle	17.12.2011	95,2MB	6.0.300
Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	15.04.2007	114,6MB	1.6.0.0
MAGIX Digital Foto Maker SE 4.1.0.835 (D)	MAGIX AG	15.04.2007	240MB	4.1.0.835
MAGIX Foto Suite 1.12.0.89 (D)	MAGIX AG	15.04.2007	122,4MB	1.12.0.89
MAGIX Online Druck Service 2.3.2.0 (D)	MAGIX AG	15.04.2007	9,35MB	2.3.2.0
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	28.04.2012	11,7MB	1.61.0.1400
Microsoft .NET Framework 1.1		13.12.2007		
Microsoft .NET Framework 1.1 German Language Pack	Microsoft	04.11.2007	3,02MB	1.1.4322
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	17.08.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	08.08.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	30.04.2012	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	30.04.2012	24,5MB	4.0.30319
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation	19.11.2007	468MB	10.0.2701.0
Microsoft Silverlight	Microsoft Corporation	06.07.2011	20,4MB	4.0.60531.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	22.12.2009	0,33MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	16.03.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	22.08.2009	0,58MB	9.0.30729
Mozilla Firefox 11.0 (x86 de)	Mozilla	24.03.2012	36,5MB	11.0
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	11.07.2007	1,25MB	4.**.****.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	13.12.2007	1,28MB	4.**.****.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.11.2008	1,29MB	4.**.****.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.12.2009	1,35MB	4.**.****.0
NAVIGON Fresh 3.3.0	NAVIGON	24.04.2011	66,9MB	3.3.0
Nokia Connectivity Cable Driver	Nokia	04.11.2007	0,83MB	6.82.4.0
Nokia PC Suite	Nokia	04.11.2007	32,7MB	6.82.20.2
PC Connectivity Solution	Nokia	04.11.2007	6,29MB	6.43.8.0
Polysun Demo 5.8.6.15775	Vela Solaris AG	04.02.2012	474MB	5.8.6.15775
PVProfit		14.02.2012	3,66MB	
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista	Realtek	11.07.2007	4,59MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	14.10.2007	15,4MB	6.0.1.5477
SA31xx Device Manager & Media Converter	Philips	04.11.2007	36,5MB	0.3
Samsung Auto Backup	Clarus	14.02.2011	19,4MB	4.1.371.0
Synaptics Pointing Device Driver	Synaptics Incorporated	26.12.2009	20,9MB	12.2.11.0
Texas Instruments PCIxx21/x515/xx12 drivers.	Ihr Firmenname	15.04.2007	0,94MB	2.00.0001
TOSHIBA Assist		04.11.2007	1,21MB	2.01.02
TOSHIBA ConfigFree	TOSHIBA	14.10.2007	39,6MB	7.00.32
TOSHIBA Disc Creator	TOSHIBA Corporation	11.07.2007	9,68MB	2.0.0.8
TOSHIBA DVD PLAYER	TOSHIBA Corporation	04.11.2007	20,4MB	1.10.13
TOSHIBA Extended Tiles for Windows Mobility Center	Toshiba	15.04.2007	1,28MB	1.01.00
TOSHIBA Flash Cards Support Utility	TOSHIBA	15.04.2007		1.48.0.3C
TOSHIBA Hardware Setup	TOSHIBA	11.07.2007		1.48.0.11C
Toshiba Online Product Information	TOSHIBA	14.10.2007	5,51MB	1.00.0012
TOSHIBA SD Memory Utilities	TOSHIBA	15.04.2007	1,61MB	1.8.1.1
TOSHIBA Software Modem	Agere Systems	14.10.2007		2.1.77 (SM2177ALD04)
TOSHIBA Supervisorkennwort	TOSHIBA	15.04.2007		1.48.0.8C
Toshiba TEMPO	Toshiba Europe GmbH	03.01.2008	7,10MB	1.0
TOSHIBA Value Added Package	TOSHIBA Corporation	14.10.2007	48,00KB	1.0.28
Windows Media Encoder 9-Reihe		15.04.2007	13,7MB	
WinRAR		24.11.2007	3,66MB

Danke und Viele Grüße

kira · 01.05.2012, 22:43

Systemreinigung und Prüfung:

1.
Deinstalliere:

Zitat:

Favorit <- Adware -Navipromo
GutscheinRausch.de <- wenn nicht benötigst

2.
Windows Defender abschalten:
Neben 1 AV-Scanner und 1 Firewall garnix erst nötig und nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> Starttyp "Deaktiviert" auswählen

3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {2C5BAA34-F8C4-42C0-80CE-02A267502AE7}
IE - HKLM\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = http://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D056E45D-88C7-40CA-9340-DC2BFFB44DE9}&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&lang=de&ds=AVG&pr=fr&d=2011-12-03 17:21:13&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
[2011.05.10 09:39:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Analyst\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com
[2010.03.24 16:15:10 | 000,000,921 | ---- | M] () -- C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml
[2011.03.15 22:47:11 | 000,001,583 | ---- | M] () -- C:\Users\Analyst\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml
[2012.02.17 00:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.17 00:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKCU..\Run: [Winsweep]  File not found
O4 - HKCU..\Run: [Winsweep Popupblocker]  File not found
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\Shell\AutoRun\command - "" = D:\PrivacyDongle-Windows.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
[2012.04.29 09:25:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.28 14:23:47 | 000,000,016 | ---- | C] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F3D5B2AD

:Files
C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

4.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

5.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.
Code:
ATTFilter
```
mbr.exe -t > C:\mbr.log & C:\mbr.log
         
```
(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

6.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 31 " von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

7.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

8.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

9.
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

10.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!

charly2000 · 05.05.2012, 20:07

Hallo Kira,

zu 1) GutscheinRausch.de => deinstalliert

Nach Punkt 1) habe ich Neustart gemacht, dabei hat Windows (Vista) insgesamt 7(!) Updatepakete installiert. Deshalb habe ich OTL noch mal neu gemacht und die Dateien OTL(Neu).TXT und Extras(Neu).TXT nachfolgend nochmal reingehangen. => Ich weis nicht, ob die Updates Auswirkungen auf Punkt 3) haben.

OTL(Neu).TXT

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.05.2012 20:11:39 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Steffen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,86% Memory free
4,21 Gb Paging File | 3,11 Gb Available in Paging File | 73,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 7,85 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynToshiba.exe (Synaptics Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Toshiba TEMPO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\d20a10ce0db1ff6cf948b2988f27a836\TCrdMain.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\igfxTMM.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\de\TCrdMain.resources.dll ()
MOD - C:\Programme\TOSHIBA\TBS\NotifyTBS.dll ()
MOD - C:\Programme\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll ()
MOD - C:\Programme\TOSHIBA\PCDiag\NotifyPCD.dll ()
MOD - C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Assist\NotifyX.dll ()
MOD - C:\Programme\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
SRV - (avg9wd) -- C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (TempoMonitoringService) -- C:\Programme\Toshiba TEMPO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vnet) -- system32\DRIVERS\virtualnet.sys File not found
DRV - (vflt) -- system32\DRIVERS\vfilter.sys File not found
DRV - (TpChoice) -- system32\DRIVERS\TpChoice.sys File not found
DRV - (Tosrfcom) --  File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (CplIR) -- C:\Windows\System32\drivers\CplIR.sys (COMPAL ELECTRONIC INC.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (Nokia USB Phone Parent) -- C:\Windows\System32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\Windows\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\Windows\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\Windows\System32\drivers\nmwcdc.sys (Nokia)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {2C5BAA34-F8C4-42C0-80CE-02A267502AE7}
IE - HKLM\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = hxxp://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D056E45D-88C7-40CA-9340-DC2BFFB44DE9}&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&lang=de&ds=AVG&pr=fr&d=2011-12-03 17:21:13&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "sporthdtv Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {00b2f024-4c9d-4f95-88b9-de678d1de316}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B457a1ed1-5f1c-4ac4-8aa7-ee17ca72491a%7D&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2011-12-03%2017%3A21%3A13&sap=ku&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011.08.10 18:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012.01.16 20:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.25 19:53:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.18 22:59:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de [2012.01.29 13:40:06 | 000,000,000 | ---D | M]
 
[2010.01.19 20:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.05.05 19:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions
[2012.05.01 21:10:12 | 000,000,000 | ---D | M] (sporthdtv Community Toolbar) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{00b2f024-4c9d-4f95-88b9-de678d1de316}
[2010.10.01 15:01:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.22 14:49:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012.03.26 21:18:36 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011.05.10 09:39:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com
[2012.01.29 13:40:06 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de
[2012.05.05 19:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\staged
[2010.03.24 16:15:10 | 000,000,921 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml
[2011.03.15 22:47:11 | 000,001,583 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml
[2012.01.01 15:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.16 20:38:18 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7
() (No name found) -- C:\USERS\STEFFEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TLZQ1CC7.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.03.25 19:52:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.18 22:58:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.17 00:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 20:37:41 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.17 00:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:15:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.17 00:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] \HWSetup.exe hwSetUP File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [Winsweep]  File not found
O4 - HKCU..\Run: [Winsweep Popupblocker]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Programme\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAA64D87-2456-4D7E-ADAD-38A22530F209}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0DACA61-45DF-496A-93A2-362873DBB8BA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Steffen\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\Shell\AutoRun\command - "" = D:\PrivacyDongle-Windows.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.05 19:27:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.01 18:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.05.01 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.01 17:46:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.05.01 13:12:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.04.29 15:04:07 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.04.29 11:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.29 11:57:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.28 22:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.04.28 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.04.28 18:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.28 18:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 20:54:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.14 20:54:39 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.14 20:54:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.14 20:54:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.14 20:54:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.14 20:54:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.14 20:54:01 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.14 20:54:01 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.14 20:47:54 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.14 20:47:52 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.04.14 20:47:25 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.04.14 20:47:25 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.04.14 20:47:25 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.04.14 20:47:25 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.04.14 20:47:25 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.04.07 11:20:32 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.05 19:54:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.05 19:54:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.05 19:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.05 19:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.05 19:53:49 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.05 19:49:46 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.05 19:49:46 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.05 19:49:46 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.05 19:49:46 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.05 19:19:24 | 097,215,246 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.05.01 18:00:42 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.01 17:46:09 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.04.29 11:57:39 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 09:25:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.29 09:15:31 | 000,001,356 | ---- | M] () -- C:\Users\Steffen\AppData\Local\d3d9caps.dat
[2012.04.14 21:03:10 | 000,275,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.09 11:41:28 | 229,386,216 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.04.07 11:20:32 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.07 11:20:32 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.01 18:00:42 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.29 11:57:39 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 11:48:32 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.28 14:23:47 | 000,000,016 | ---- | C] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.07 11:20:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.29 13:39:59 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2011.02.27 15:49:09 | 000,000,030 | ---- | C] () -- C:\Windows\SSEKonf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F3D5B2AD

< End of report >

--- --- ---

[/code]

Extras(Neu).TXT:

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 05.05.2012 20:11:39 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Steffen\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,95 Gb Available Physical Memory | 47,86% Memory free
4,21 Gb Paging File | 3,11 Gb Available in Paging File | 73,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 7,85 Gb Free Space | 10,53% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 51,77 Gb Free Space | 70,86% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "E:\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "E:\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB684B-B383-49F5-A893-945786987BCD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{068CEBD1-3C2C-4C96-B1D7-7469D93DA4FC}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{37400866-BACC-4B85-B37A-313BE751B741}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3F98854E-137B-4A76-A276-3E33E584779F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{539782FC-DCB7-4EF9-826C-FCA47E6F14CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A097B65-DB6C-4E3E-8AF5-E023BCB80638}" = rport=137 | protocol=17 | dir=out | app=system | 
"{64E77B25-D833-45E7-A1B0-9CA8B2FE2C6F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F1E8AB2-FDEB-4F82-B744-30834C18FD29}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{73440219-2689-4B31-AECF-83B9A66D9D6C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{747AD30B-5E90-4008-9EE2-7F10A4837123}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85D1D3D2-C116-414E-AB24-841067607E59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{99F20903-3637-4723-A079-7F56930813D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9FEC4459-5A1F-4560-B507-CF4CA5F64F0B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3BEECD3-990C-4F46-9369-09ED64FEFB68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7244E89-D82E-4501-98D8-39DCAEC0C9BF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D8CF807A-A014-4698-80C7-14F2A996C1E9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF3CC9FA-9999-4023-80BF-BBA47959B9DB}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EAA03634-6E59-42A8-B982-CB3336A7188E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F791EFAB-4F24-405C-91BD-03B5F3F98055}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0007AF3C-B250-4AC3-A149-2D824AB3A88C}" = protocol=6 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe | 
"{00B47A50-CDDF-4F2B-9E36-19D2ACE69694}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0CB687C0-802E-42FD-825D-3752F1F544F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1149D5E6-F08F-4ADB-9E4B-1B970A120555}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{13147B18-365F-4449-BAB3-9F89A6A6A5AA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1321AEC1-D423-44A8-A39E-AC03629F1715}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{263E312E-130F-4DAE-8513-A1FC68DF019A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{320F21C4-BD22-4BA2-AD36-1A07C64DA32B}" = protocol=6 | dir=out | app=system | 
"{36BBC2A4-A572-4C50-8090-39304618A3D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{672E82DC-3152-42A7-A3BB-9DBB84007538}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9E0AAC1B-2535-403A-A03B-3D76B551CFC0}" = protocol=6 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe | 
"{A27639F6-9DAD-475F-8879-FF839CCA84A6}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | 
"{A2CB7694-C3A5-4398-8624-697E2AB98A26}" = protocol=17 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe | 
"{A9473613-C196-4F8F-908E-E184A7CAD75E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB85B8B4-D5AC-4000-A914-90F779E80A57}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C11D1CBF-F922-4A1B-9F80-583DC0D049FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C42598A6-47DF-41B4-B820-C5193F524D10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D70EB1AA-B8A9-4A6F-9F15-D64D98C4BC82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D95B3F87-F376-4806-B0D1-F8A9BFDFA592}" = protocol=17 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe | 
"{DE398B46-1E1E-4775-B7F8-142FA40BE728}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{EDFF3588-652A-4464-A161-9FEB3A68D58D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EFD37496-C293-49A0-90AC-2ACA69B61360}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1B58C9D2-1925-413F-B29A-C4E7596C43F5}" = Nokia PC Suite
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}" = Toshiba TEMPO
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C233D370-4B1A-4F6F-BD55-16B0C131335B}_is1" = Batch DOCX to DOC Converter 2009
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCD1FF1-6127-41A5-ABF3-D8C494E59094}" = SA31xx Device Manager & Media Converter
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E572B060-C98B-4984-A48E-E4FA56265903}" = SA31xx Device Manager & Media Converter
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5FB4B71-6301-11D4-9AD1-00A0C9B0C5F6}" = InfoBibliothek
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"6315-1853-9670-8217" = Polysun Demo 5.8.6.15775
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AVG9Uninstall" = AVG Free 9.0
"Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Digital Editions" = Adobe Digital Editions
"dm-Fotowelt" = dm-Fotowelt
"doPDF 5  printer_is1" = doPDF 5.3  printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Update
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NAVIGON Fresh" = NAVIGON Fresh 3.3.0
"nwwfo" = Favorit
"PVProfit" = PVProfit
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Kannst Du bitte das Script unter Punkt 3 nochmal aktualisieren? Oder hat sich da (trotz der 7 Updatepakete) nichts geändert???

zu 2) nach OTL habe ich den Defender abgeschalten und deaktiviert

Punkte 3 - 10 => noch nichts gemacht

Was meinst Du?
Danke und Gruß

kira · 06.05.2012, 09:28

1.
auch deinstalliert?:

Zitat:

Favorit

2.
zu Punkt 2. - Windows Defender
nochmal kontrolliere, ob Du richtig gemacht hast!:-> http://www.trojaner-board.de/114333-...tml#post825302

neue Script:
3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht):

Code:

ATTFilter

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {2C5BAA34-F8C4-42C0-80CE-02A267502AE7}
IE - HKLM\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{0F36E18A-6296-4333-9D99-269AAFE3D111}_Search Solver: "URL" = http://www.search-solver.com/?t=Q0908221719&s=b&keywords={searchTerms}
IE - HKCU\..\SearchScopes\{2C5BAA34-F8C4-42C0-80CE-02A267502AE7}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:*:IE-SearchBox&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7;
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D056E45D-88C7-40CA-9340-DC2BFFB44DE9}&mid=4258a7e80e4df4355e997e37031c912e-89a0743544eb25f6fe1a70e6c7689c0422b59eb7&lang=de&ds=AVG&pr=fr&d=2011-12-03 17:21:13&v=10.0.0.7&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2546759&SearchSource=3&q={searchTerms}"
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
[2011.05.10 09:39:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\engine@conduit.com
[2012.01.29 13:40:06 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\tlzq1cc7.default\extensions\mail@gutscheinrausch.de
[2010.03.24 16:15:10 | 000,000,921 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\conduit.xml
[2011.03.15 22:47:11 | 000,001,583 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\tlzq1cc7.default\searchplugins\web-search.xml
[2012.02.17 00:15:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.16 20:37:41 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.17 00:15:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.17 00:15:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.17 00:15:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.17 00:15:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKCU..\Run: [Winsweep]  File not found
O4 - HKCU..\Run: [Winsweep Popupblocker]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c920310-8d66-11dc-853d-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{666ef152-0265-11de-b51c-001b384c250f}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \TestPersonal\Testpersonal.exe
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell - "" = AutoRun
O33 - MountPoints2\{6dcf734b-2920-11df-b73c-001b384c250f}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{9a28f430-ca2a-11de-a85e-001b384c250f}\Shell\AutoRun\command - "" = D:\setupSNK.exe
O33 - MountPoints2\{cd54ccde-72df-11df-a383-001b384c250f}\Shell\AutoRun\command - "" = D:\PrivacyDongle-Windows.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
[2012.04.29 09:25:01 | 000,000,016 | ---- | M] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
[2012.04.28 14:23:47 | 000,000,016 | ---- | C] () -- C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:F3D5B2AD

:Files
C:\ProgramData\wkirjnexyigxavkrtxytmjcnngajnqaf
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

dann ab Punkt 4. weiter, wie gehabt!

Trojaner "Dieses Programm kann Webseite nicht anzeigen"

Log-Analyse und Auswertung: Trojaner "Dieses Programm kann Webseite nicht anzeigen"